source: http://www.securityfocus.com/bid/2482/info
Versions of IBM NetCommerce and WebSphere Commerce Suite ecommerce packages employ weak password encryption for their users' and administrators' passwords.
This encryption is defeatable using a widely-published decryption tool.
Compromise of the user accounts could result in disclosure of sensitive information and interference with the normal operation of the affected website.
Compromise of administrator accounts could result in disclosure of sensitive information, changes to website functionality, and, potentially, could assist in further compromises of security on the affected host.
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/20685.zip